Viruses, Trojan horses, and Other Malicious Programs Your Operating System and Applications are Infected.You, the user, are the target of phishing attacks. Avoid phishing scams and safeguard your personal information by following these steps.
Even if a company is operating illegally, it still needs to generate more revenue than it expends in order to be profitable.A new type of ransomware or Trojan that steals data requires a lot of research and coding.On the other hand, creating a fake version of PayPal or a bank website is much simpler.Phishing scammers cut costs to make the most money. They only need to convince enough people to give their credentials to the fictitious website.
They can drain bank accounts, steal personal information, or simply sell stolen credentials to other criminals at a wholesale price.You shouldn’t fall for a phishing scam.You can avoid that dreadful fate by following these suggestions.
How has online fraud been affected by COVID?
Phishing con artists were in heaven at the height of the pandemic because so many people were working from home and looking for online entertainment.First and foremost, they have just broadened the scope of legitimate credential theft scams. However, the apprehension, skepticism, and fear brought on by this unprecedented pandemic made it ideal material for brand-new scams.
Google reported blocking 18 million virus-related scams every day in April 2020.Google performs admirably;According to estimates, it blocks 99.9% of spam and phishing emails.However, this indicates that daily, 18,000 unwanted messages reached an unknown number of recipients.
Scammers using viruses aren’t just after your passwords;They’re after your cash.Scams and con artists have been around as long as humans have, and they are just as effective online as they are in person.Any email that mentions the pandemic should be avoided, especially if it urges you to download a file or click a link right away.Instead of clicking on a link provided, go directly to the source of the fake email if the sense of urgency concerns you.
Please read How to Spot and Avoid COVID-19 Scams for specific advice on how to avoid this kind of danger.
How do scams using phishing work?
Creating a clone of a secure website that is good enough to fool most people, or even just a few, is the key to running a credential-stealing phishing scam.Every link on the classiest fakes leads to the real site.Well, every link except the one that gives the criminals your username and password.The fraudsters may attempt to create a URL that appears at least a little bit legitimate as icing on the cake.Consider pyapal.com or paypal.security.reset.com as alternatives to paypal.com.
However, not all phishing pages are executed well.Some people copy the wrong colors or don’t match the page in any other way.Other URLs, such as seblakenakkalikalaudimakan.crabdance.com or X8el87.journal.com, are completely inconvincing.It would appear that the con artists would give up if they couldn’t get a few rip-offs from these shoddy fakes.
When you use a phishing website and enter your username and password, the owners of the site have full access to your account.They might send your credentials to the real website so it looks like you were logged in normally in order to keep you from realizing you were duped.When your friends say they are receiving spam from you or when you discover that your bank account is empty or that you are unable to access your email, this may be your only clue.So, how can you protect yourself from attacks of this kind?
Eliminate the Obvious There are some fake websites whose implementation is simply too poor to persuade anyone who is paying attention.Press Ctrl+F5 to completely reload the page in case the bad appearance was a fluke when you link to a website.But stay away if it still doesn’t look right.
(Credit:PCMag) Take a look at the page up top.Why are all of the entry fields positioned side by side?The majority of modern websites adapt to the window size of your browser.You are more likely to notice that the website name in the Address Bar lacks the crucial lock icon now that your suspicions have been raised.
(Credit:PCMag) When creating a phishing page, authenticity is crucial.It’s kind of a giveaway to use a free web hosting service that puts its domain in your URL or places its banner on your page.However, whenever I conduct a phishing protection test, I come across a few of these fakes that haven’t even tried.Who would have thought Yahoo used Weebly?
What Can the Address Bar Teach You?
The address bar is becoming less of a focus in modern web browsers.At the very least, it is now the search-plus-address bar.But when you’re looking at a page to make sure it’s real, that address bar is a crucial resource.Without even thinking about it, the best phish-sniffers can spot an incorrect URL out of the corner of their eye.
(Credit:PCMag) Sometimes things are easy.When they see “Placeboook,” not many people would think, “Yes, that’s Facebook.”However, other con artists employ more difficult spoofs, such as Amazon’s Arnazon.
Be on the lookout for attempts to cover up the actual domain in the URL.That is the part that comes before the last.com,.net,.org, and so on.Subdomains are anything that comes before the domain.A subdomain of paypal.com would exist if the URL fakery.paypal.com existed.If, on the other hand, you come across paypal.fake.com, congratulations!
(Credit:PCMag) Phishing attacks on Dropbox or other online storage accounts don’t have the same guaranteed value as bank login theft.On the other hand, not everyone is as vigilant when it comes to these accounts.Online storage could contain a list of Girl Scout cookie orders or secret plans for a Mars mission.In a similar vein, capturing logins for streaming media accounts does not appear to have a lot of obvious revenue potential. However, gaining access to that account may result in the compromise of a more significant account using the same credentials.The address bar can be seen in the image above.You won’t see “idiotfriend” in the URL, even if you log in to Netflix using credentials stolen from an idiot friend!
(Credit:PCMag) Another oddity here.It is evident that the URL does not represent Xfinity, Comcast, or any other associated brand.Beyond that, however, the browser is displaying a large red flag indicating the revocation of the site’s security certificate.Although it is true that legitimate website administrators occasionally make mistakes and allow their certificates to expire, this page is clearly fraudulent.
Does the HTTPS Lock Matter?
A legacy from the early days of the internet, the HyperText Transfer Protocol (HTTP) communications system is used for basic internet communication.It’s not safe because no one could have predicted that other people would do bad things on the new internet.The bad guys are here, and using the secure HTTPS protocol to connect is the only sensible option.HTTPS pages are marked with a lock icon in web browsers.Chrome goes one step further by actively notifying HTTP sites that are “Not secure.”Never sign in to a website that does not use HTTPS.
(Credit:PCMag) This page may appear to be an authentic Wells Fargo login page if you don’t notice the strange domain.However, keep in mind that there is no lock and the address begins with HTTP:,not via HTTPS:Do not alter this page;It’s wicked!
You might respond, “But wait,” “What about a legitimate website that has just not gotten around to going secure?”I don’t buy it, sorry.There is no excuse in this day and age of HTTPS Everywhere (Opens in a new window).Even if there is no fraud, a website that asks you to log in without using HTTPS is not legitimate.
(Credit:PCMag) Sometimes, just looking doesn’t tell the whole story.Indeed, Commonwealth Bank refers to its online banking system as Netbank on its website.It appears to be a legitimate netbank.com secure page.A quick look at the domain’s whois information may assist you in making your decision if you are unsure.We can probably both agree that the actual website of the Commonwealth Bank would probably not park its hosting with CrazyDomains.com.
From where do email scams originate?
It has been repeated a million times.Never click on links in emails from unknown senders.If you receive messages from people you know, don’t click on links because they might have been hacked.Good advice, this!You might land on a scam or malware-hosting website if you click on a random link.It’s especially important to think about the source when the link takes you to a login page.
It’s possible that your bank will send you an email, but many banks don’t use that method of communication.If you clicked a link on a site that had nothing to do with you and ended up at the Bank of Armorica login page, there’s a good chance it’s a hoax.
It’s actually quite simple to increase your online security, but what if your bank, the IRS, or PayPal really wants to contact you about a problem with your account?The solution is straightforward: bypass the link and sign in to the service directly, as you would normally.
(Credit:PCMag) Pages and emails that appear to require immediate action on your part should also be avoided.The page above suggests that unless you log in, your Facebook account will be disabled.However, examine the Address Bar;Facebook is certainly not that.Once more, simply log in to Facebook as usual and see if anything goes wrong.
Get help in the fight against phishing
Outsmarting fraudsters, uncovering their cleverest tricks, will surely give you a good feeling. But you may not be as sharp tomorrow, so it pays to ask for help in the fight against phishing scams. Modern browsers have protection against scam sites built in and they do a decent job. Most antivirus and security suite products add their own anti-phishing protection; the best of them score up to 100% protection in our tests.
Using a password manager also helps protect you from fraud. For most such products, you can visit a secure page and log in with just one click. And if you somehow manage to land on a fraudulent site, the fact that your password manager won’t fill in your saved credentials is a big red flag.
The savviest netizens use a virtual private network, or VPN, for their online activities. Using a VPN protects your data in transit because the data travels in encrypted form to the VPN server. It also offers some protection against cyberstalking, as your traffic appears to be coming from the VPN server, not your local IP address. But routing your web traffic through a VPN doesn’t help at all against phishing. When you give your credentials to the owners of a phishing site, it doesn’t matter how they got there. Phishing attacks target you, not your device or communication systems.
Our top VPN pick
Phishing is more widespread than you may realize. To get the images for this article, I grabbed the last five or six dozen verified scams from a popular phish watch site and went through them looking for good examples. Yes, scam sites get blacklisted quickly, but scammers just shut down and a new scam site pops up.
Protect yourself from phishing
To avoid the pain of being robbed of much-needed cash, or the embarrassment of revealing your sensitive data to a fraudster, take advantage of available resources such as password managers and the phishing detection system in your antivirus. But keep your eyes open to spot any scams that slip through. If the page comes from a suspicious link, if there is no HTTPS lock in the address bar, if it looks bad in any way, don’t touch it! Your vigilance will pay off.
READ ALSO: CARVANA GIVES BUYER $300 TO FORGET THEIR USED CAR NIGHTMARE CARVANA GIVES BUYER $300
